Get Help With Your Privacy Impact Assessment

If you need a PIA, you're in the right place.

Custodians of patient information in Alberta are required by section 64 of the Health Information Act (HIA) to submit a Privacy Impact Assessment (PIA) to the Office of the Information and Privacy Commissioner (OIPC). The purpose of the document is two-fold. First, to demonstrate your commitment and ability to protect patient privacy. Second, to protect you and your patients from the preventable and dangerous loss or exposure of sensitive information.

Use this site as a resource to learn more about your clinic's responsibilities under the HIA and the requirements for submitting a PIA. The answers you'll find here are curated by experts with decades of experience in privacy compliance in Alberta, with over 3,000 approved Privacy Impact Assessments.

Tips For Getting Started With Your PIA

The First 5 Steps to Privacy Compliance

Top privacy risks clinics face:

Healthcare clinics are particularly susceptible to privacy and security breaches.

The cost of theft:

Private patient information is 50 times more valuable on the black market than credit card data. Criminals can use stolen patient data to assume a patient’s identity, causing severe financial and reputational damage, but also putting patient health at risk by contaminating their medical record.

The cost of non-compliance:

Privacy regulations in healthcare are in place to keep patient information safe, and protect your practice for the consequences of an accidental breach or malicious attack. Failure to comply with regulations can constitute a breach and cost heavily in fines and other punitive measures including loss of patients.

The cost of losing patients:

Clinics publically known to have lost private patient information have seen as much as a 70% drop in patient loyalty. And it’s hard to get them back. Research shows Canadians are willing to travel up to 50km if local providers aren’t careful with their confidential information.